This changes the behaviour of `tor --version` in such a way.
```console
src/app/tor --version
Tor version 0.4.5.1-alpha-dev (git-46ccde66).
Tor is running on Linux with Libevent 2.1.12-stable, OpenSSL 1.1.1h, Zlib 1.2.11, Liblzma 5.2.4, Libzstd 1.4.5 and Glibc 2.31 as libc.
Tor compiled with GCC version 10.2.0
```

Fixes #32102

Samanta Navarro authored 4 years ago and David Goulet committed 4 years ago

Typos found with codespell.

Please keep in mind that this should have impact on actual code
and must be carefully evaluated:

src/core/or/lttng_circuit.inc
-    ctf_enum_value("CONTROLER", CIRCUIT_PURPOSE_CONTROLLER)
+    ctf_enum_value("CONTROLLER", CIRCUIT_PURPOSE_CONTROLLER)

These options are meant for testing builds only, and are likely to
cause trouble if used in a production environment.

Closes #18888.

At this commit, a new service registers to the module and a store is created.
It also remove itself from the metrics module if it goes away.

In order to hook into the metrics subsystem, this commit attaches the HS
subsystem into the subsystem global list so its get_metrics() call can be
accessible.

HS initialization is still _not_ done through the subsys module as it is
likely require much more testing.

Related to #40063

Signed-off-by: David Goulet <dgoulet@torproject.org>

If MetricsPort is defined, listen on it and handle the incoming request.

Signed-off-by: David Goulet <dgoulet@torproject.org>

Related to #40063

Signed-off-by: David Goulet <dgoulet@torproject.org>

Fixes #40163

Signed-off-by: David Goulet <dgoulet@torproject.org>

We've been using it for years, and it seems to work just fine.  This
patch removes the option and its network parameter.

Part of #40139

Tor has a feature to preserve unrecognized state file entries in
order to maintain forward compatibility.  But this feature, along
with some unused code that we never actually removed, led to us
keeping items that were of no use to the user, other than at worst
to preserve ancient information about them.

This commit adds a feature to remove obsolete entries when we load
the file.

Closes ticket 40137.

Alexander Hansen Færøy authored 5 years ago and David Goulet committed 4 years ago

This patch moves the logic for handling outbound addresses in torrc to
before we handle pluggable transports. Since we need access to the
values in OutboundBindAddress and friends for #5304 we have to parse
these values before we spawn any PT's.

This commit is code movement only.

See: https://bugs.torproject.org/5304

Alexander Hansen Færøy authored 5 years ago and David Goulet committed 4 years ago

This patch renames the enumeration value in `outbound_addr_t` from
`OUTBOUND_ADDR_EXIT_AND_OR` to `OUTBOUND_ADDR_ANY` since with the
arrival of `OUTBOUND_ADDR_PT` it no longer makes sense to call the
fallback value for "Exit and OR". Instead we rename it to "any".

See: https://bugs.torproject.org/5304

Alexander Hansen Færøy authored 5 years ago and David Goulet committed 4 years ago

This patch adds a new option to torrc: `OutboundBindAddressPT`. This
option works in the same way as `OutboundBindAddressOR` and
`OutboundBindAddressExit` in that it allows the user to specify which
outbound IP address the user wants the PT to make its connections from.

There is one difference though in that OutboundBindAddressPT will only
be a suggestion for the PT to use since Tor cannot enforce whether or
not the PT actually uses this option for anything.

See: https://bugs.torproject.org/5304

Alexander Hansen Færøy authored 5 years ago and David Goulet committed 4 years ago

This patch adds doxygen documentation strings for each of the values in
`outbound_addr_t`.

See: https://bugs.torproject.org/5304

no actual changes

This is apparently obsolete; syslog is modern instead.  If users
have an android log configured, given them a syslog if we can.

Closes #32181.

This is experimental and probably will break some platforms

David Goulet authored 4 years ago and Alexander Hansen Færøy committed 4 years ago

When accessing the last_resolved_address cache we always need to convert the
AF family value to an index value else we are out of bound and thus
overflowing if we write to it.

This fix is on code that has not been released.

GeKo reported the following libasan crash using Tor Browser alpha with tor
0.4.5.0-alpha-dev (3c884bc9):

==4240==ERROR: AddressSanitizer: global-buffer-overflow on address
0x55888490e388 at pc 0x5588842cc216 bp 0x7ffc8c421b00 sp 0x7ffc8c421af8
READ of size 2 at 0x55888490e388 thread T0
    #0 0x5588842cc215 in tor_addr_compare_masked
(/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x5a6215)
    #1 0x558884203210 in is_local_to_resolve_addr
(/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x4dd210)
    #2 0x558883f7e252 in channel_tls_connect
(/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x258252)
    #3 0x558883f87ff7 in channel_connect_for_circuit
(/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x261ff7)
    #4 0x558883f8bc90 in circuit_handle_first_hop
(/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x265c90)
    #5 0x558883f8c891 in circuit_establish_circuit
(/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x266891)
    #6 0x558883fc3bbc in circuit_launch_by_extend_info
(/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x29dbbc)
    #7 0x558883fc5900
(/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x29f900)
    #8 0x558883fc6988 in connection_ap_handshake_attach_circuit
(/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x2a0988)
    #9 0x558883fd0d3f in connection_ap_attach_pending
(/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x2aad3f)
    #10 0x7f4d50110885  (TorBrowser/Tor/libevent-2.1.so.7+0x22885)
    #11 0x7f4d501110de in event_base_loop
(TorBrowser/Tor/libevent-2.1.so.7+0x230de)
    #12 0x558883f69b3c in do_main_loop
(/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x243b3c)
    #13 0x558883f3f70c in tor_run_main
(/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x21970c)
    #14 0x558883f3c2f7 in tor_main
(/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x2162f7)
    #15 0x558883f3531b in main
(/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x20f31b)
    #16 0x7f4d4f76acc9 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x26cc9)
    #17 0x558883f3ba00
(/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x215a00)

0x55888490e388 is located 24 bytes to the left of global variable
'state_mgr' defined in 'src/app/config/statefile.c:184:22'
(0x55888490e3a0) of size 8
0x55888490e388 is located 32 bytes to the right of global variable
'global_state' defined in 'src/app/config/statefile.c:204:20'
(0x55888490e360) of size 8
SUMMARY: AddressSanitizer: global-buffer-overflow
(/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x5a6215)
in tor_addr_compare_masked
Shadow bytes around the buggy address:
  0x0ab190919c20: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
  0x0ab190919c30: 04 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 03 f9 f9 f9
  0x0ab190919c40: f9 f9 f9 f9 03 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
  0x0ab190919c50: 00 00 00 04 f9 f9 f9 f9 00 00 00 00 00 00 00 04
  0x0ab190919c60: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
=>0x0ab190919c70: f9[f9]f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
  0x0ab190919c80: 04 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9
  0x0ab190919c90: 04 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9
  0x0ab190919ca0: 00 00 00 00 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
  0x0ab190919cb0: 01 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
  0x0ab190919cc0: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==4240==ABORTING

Signed-off-by: David Goulet <dgoulet@torproject.org>

Split implementation of several command line options from
options_init_from_torrc into smaller isolated functions.

Closes #40101.

For clients, there is no minimum value; in both cases, we warn if
the value seems too low.

Closes ticket 24308.

We used to have a single boolean, "FascistFirewall".  Ages ago, in
tickets #17840 and #9067, we added an improved "ReachableAddresses"
mechanism.  It's time to rename related identifiers in the code for
consistency.  This closes #18106.

This is an automated commit, generated by this command:

./scripts/maint/rename_c_identifier.py \
        fascist_firewall_allows_address reachable_addr_allows \
        fascist_firewall_use_ipv6 reachable_addr_use_ipv6 \
        fascist_firewall_prefer_ipv6_impl reachable_addr_prefer_ipv6_impl \
        fascist_firewall_prefer_ipv6_orport reachable_addr_prefer_ipv6_orport \
        fascist_firewall_prefer_ipv6_dirport reachable_addr_prefer_ipv6_dirport \
        fascist_firewall_allows_address_addr reachable_addr_allows_addr \
        fascist_firewall_allows_address_ap reachable_addr_allows_ap \
        fascist_firewall_allows_base reachable_addr_allows_base \
        fascist_firewall_allows_ri_impl reachable_addr_allows_ri_impl \
        fascist_firewall_allows_rs_impl reachable_addr_allows_rs_impl \
        fascist_firewall_allows_rs reachable_addr_allows_rs \
        fascist_firewall_allows_md_impl reachable_addr_allows_md_impl \
        fascist_firewall_allows_node reachable_addr_allows_node \
        fascist_firewall_allows_dir_server reachable_addr_allows_dir_server \
        fascist_firewall_choose_address_impl reachable_addr_choose_impl \
        fascist_firewall_choose_address reachable_addr_choose \
        fascist_firewall_choose_address_base reachable_addr_choose_base \
        fascist_firewall_choose_address_rs reachable_addr_choose_from_rs \
        fascist_firewall_choose_address_ls reachable_addr_choose_from_ls \
        fascist_firewall_choose_address_node reachable_addr_choose_from_node \
        fascist_firewall_choose_address_dir_server reachable_addr_choose_from_dir_server

Fix crash introduced in #40020. On startup, tor calls
check_private_dir on the data and key directories. This function
uses open instead of opendir on the received directory. Data and
key directoryes are only opened here, so the seccomp rule added
should be for open instead of opendir, despite the fact that they
are directories.

They are about to be shutdown in September.

Signed-off-by: David Goulet <dgoulet@torproject.org>

Related to #33247

Signed-off-by: David Goulet <dgoulet@torproject.org>

Enum allows us to easily compare what is being returned but also better
semantic to the code.

Related #33247

Signed-off-by: David Goulet <dgoulet@torproject.org>

David Goulet authored 4 years ago and Nick Mathewson committed 4 years ago

Closes #40061

Signed-off-by: David Goulet <dgoulet@torproject.org>

Related #40058

Signed-off-by: David Goulet <dgoulet@torproject.org>

Closes #33239

Signed-off-by: David Goulet <dgoulet@torproject.org>

This commit makes it that if the ORPort is set with a single port, it will
bind to both global listen IPv4 and IPv6 addresses.

To pin an "ORPort <PORT>" to be IPv4 or IPv6, the IPv4Only/IPv6Only flags are
honored thus this will _only_ bind on IPv6 for that port value:

  ORPort 9050 IPv6Only
    Results in: [::]:9050

  ORPort 9051 IPv4Only
    Results in: [0.0.0.0]:9051

Attempting to configure an explicit IPv4 address with IPv6Only flag is an
error and vice versa.

Closes #33246

Signed-off-by: David Goulet <dgoulet@torproject.org>

Also, remove get_primary_or_port() -- nothing used it.

Rationale: these don't actually give the first advertised
address/port, but instead give us the first such port that we are
_configured_ to advertise.  Putting them in a portconf_ namespace
therefore makes sense.

Similarly, there are no other functions that get the first
configured advertised addr/port, so the "by_type_af()" part is needless.

This is an automated commit, generated by this command:

./scripts/maint/rename_c_identifier.py \
        get_first_advertised_addr_by_type_af portconf_get_first_advertised_addr \
        get_first_advertised_port_by_type_af portconf_get_first_advertised_port

This option controls if a tor relay will attempt address auto discovery and
thus ultimately publish an IPv6 ORPort in the descriptor.

Behavior is from proposal 312 section 3.2.6.

Closes #33245

Signed-off-by: David Goulet <dgoulet@torproject.org>

Different versions of glibc use either open or openat for the
opendir function. This commit adds logic to use the correct rule
for each glibc version, namely:
- Until 2.14 open is used
- From 2.15 to to 2.21 openat is used
- From 2.22 to 2.26 open is used
- From 2.27 onwards openat is used

Dirauth code use the warn log severity when calling find_my_address() which
made it that every time we would find an address, it would log a warning.

These are not needed below info level and thus set them to info level. An IP
change is set to notice by default.

Signed-off-by: David Goulet <dgoulet@torproject.org>

Signed-off-by: David Goulet <dgoulet@torproject.org>

Commit b14b1f2b was a mistake.

In case an Address statement is missing for the wanted family but another one
exists for another family, simply continue the address discovery.

It is not a mistake to be missing an Address statement for a family because
the address could simply be discovered by the next methods. Not all address
family requires a specific Address statement.

However, we do bail if we couldn't find any valid address for the requested
family _and_ a resolve failed meaning we had a hostname but couldn't resolve
it. In that case, we can't know if that hostname would have been for v4 or v6
thus we can't continue the address discovery properly.

Couple unit tests case were removed to match this reality.

Related #40025

Signed-off-by: David Goulet <dgoulet@torproject.org>